Overview

Application Services iApp

Modes

The iApp supports multiple modes of operation:

Mode Description
Standalone Deployment driven by BIG-IP via GUI or API (SOAP/REST)
F5 iWorkflow Deployment driven by the F5’s iWorkflow product (Service Catalog/REST Proxy)
Cisco APIC Deployment driven by L4-7 Service Graphs via the iWorkflow Dynamic Device Package and Cisco Systems APIC Controller
VMware NSX Deployment driven by L4-7 Service Insertion via iWorkflow from VMware NSX

Features

Deployment Control

  • Strict Updates setting Control
  • Automated Statistics Handler Creation
  • Deployment mode override
  • Route Domain support
  • ASM/APM Policy Redeployment Control
    • Preserve on-box policy (allow out-of-band policy updates)
    • Enforce template policy (overwrite local changes)
  • Deployment Log Level Control

L4-7 Helpers

  • Statistics:
    • TLS/SSL
    • HTTP
    • Virtual Server/Pool
  • HTTP/HTTPS ADC:
    • Full HTTP/L7 Policy Creation (e.g. URI/Header/etc based routing, HTTP Request Manipulation)
    • X-Forwarded-For Header Insertion
    • HTTP->HTTPS Redirect creation
    • TLS/SSL Easy Cipher String
  • L4 Security:
    • L4 Firewall Policy Support
    • Dynamic IP Blacklisting/IP Intelligence (BIG-IP subscription required)
    • Static Blacklist Source Address List
    • Static Allowed Source Address List
  • HTTP/HTTPS L7 Security:
    • HTTP Strict Transport Security Header Insertion
    • Web Application Firewall (ASM) policy bundling and deployment from URL
    • Identity and Access Management (APM) policy bundling deployment from URL

Custom Extensions

Virtual Address Options

  • Route Advertisement Control
  • Advanced Option Support
    • Access to any TMSH configurable attribute

Virtual Server Options

  • Multiple listeners:

    • IPv4 & IPv6 Address and L4 Port
      • Remove SSL/TLS profile(s) (Client, Server, Both)
      • Destinations:
        • Pools (template created and existing pools on system)
        • Create additional HTTP->HTTPS Redirect

  • Administrative Attributes:

    • Name
    • Description

  • L3/4 Functionality:

    • IPv4 & IPv6
    • Types:
      • Standard
      • Performance/FastL4
      • Forwarding (L2/IP)
      • Internal
      • IP
    • Network Mask
    • Port
    • Protocol (tcp/udp)
    • L4 Protocol Profiles (Server/Client-side)
      • Access to any TMSH configurable attribute via ‘create’ syntax
    • SNAT
      • Automap
      • Pre-existing SNAT Pool
      • Dynamic SNAT Pool creation
      • Dynamic SNAT Pool referencing (Cisco APIC specific)
    • Connection Limits
    • Dynamic IP Blacklist/IP Intelligence Profiles
    • Source Port Behavior
    • Connection Mirroring
    • Advanced Option Support
      • Access to any TMSH configurable attribute

  • L4-7 Functionality:

    • iRules:

      • Reference pre-existing iRules (ordering preserved)

      • Bundled iRule support

      • Dynamically load from URL

        • Required URLs
        • Optional URLs - allow deployment to succeed if iRule does not exist on remote server

      • Advanced Profile Support

        • Reference any pre-existing policy on the device

    • SSL/TLS:

      • Dynamically created Client-SSL profiles

        • Reference pre-existing static Cert/Key
        • ‘auto’ mode to dynamically link pre-existing Cert/Key pair
        • Load cert/key from URL

      • Certificate Chain/Bundle

      • Cipher String

      • Advanced Option Support

        • Access to any TMSH configurable Client-SSL profile attribute

    • Profiles with create syntax support:

      • L4 Protocol (tcp/udp/fastL4)
      • HTTP
      • OneConnect
      • Compression
      • Request Logging
      • Server-SSL
      • Client-SSL
      • Default/Fallback Persistence

    • Profiles without create syntax support:

      • Pre-existing Client-SSL
      • Analytics
      • Security Logging
      • DoS Protection
      • Access Specific (APM):
        • Access Profile
        • Connectivity Profile
        • Per-Request Profile

Pool Options

  • Create multiple pools
  • Advanced Option Support
    • Access to any TMSH configurable attribute
  • Administrative Attributes:
    • Name
    • Description
  • Health Monitor(s) w/ Minimum # monitors
  • Load Balancing Method
  • Dynamic Member Update Defaults (Port)
  • Members
    • Addressing
      • IPv4 & IPv6
      • Existing Node
      • Node Creation with Custom Name
      • FQDN Lookup
    • Port
    • Connection Limit
    • Ratio
    • Priority Groups
    • Administrative State
    • Advanced Option Support
      • Access to any TMSH configurable attribute

Health Monitors

  • Multiple monitor support
  • Create custom health monitors
    • Advanced Option Support
      • Access to any TMSH configurable attribute
  • Reference existing health monitors

Helper Scripts

  • import_template_bigip.py: Create/update iApp template
  • import_cery_key.py: Create/update SSL/TLS Cert/Key on BIG-IP
  • deploy_iapp_bigip.py: Deploy iApp Service on BIG-IP
  • delete_iapp_bigip.py: Delete iApp Service on BIG-IP

The BIG-IP API Reference documentation contains community-contributed content. F5 does not monitor or control community code contributions. We make no guarantees or warranties regarding the available code, and it may contain errors, defects, bugs, inaccuracies, or security vulnerabilities. Your access to and use of any code available in the BIG-IP API reference guides is solely at your own risk.

Previous Next